The reason for the Taiko hack turned out to be surprisingly simple: for nearly two years, a file named enclave-key.pem—an RSA private key used to sign all SGX enclaves in the Raiko system—had been sitting in the public repository taikoxyz/raiko. It was this very key that Taiko’s L1 contracts used to verify the authenticity of proofs from L2.
The hacker found the key, registered a fake SGX enclave, signed it with the stolen key—and the contracts accepted it as legitimate. After that, he started sending fraudulent messages through the bridge and withdrawing funds. There were no sophisticated exploits or attacks on smart contracts—simply put, the key had been lying in plain sight for two years.
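
A defensive check for the failure described above, as an added example that is not from the Taiko or Raiko code base: a CI or pre-commit scan that flags PEM private-key headers in a working tree while ignoring public keys. The directory layout, helper names and key contents are constructed for illustration.

```python
import os
import re
import tempfile

# PEM armor lines that mark private key material. Public keys and
# certificates use different labels and are deliberately not matched.
PRIVATE_KEY_RE = re.compile(
    r"-----BEGIN ((?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY)-----"
)
MAX_BYTES = 1_000_000  # skip large blobs; PEM keys are a few KB at most
SKIP_DIRS = {".git", "node_modules", "target"}


def scan_tree(root):
    """Return sorted (relative_path, line_number, label) per private-key header."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or os.path.getsize(path) > MAX_BYTES:
                continue
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, start=1):
                    m = PRIVATE_KEY_RE.search(line)
                    if m:
                        rel = os.path.relpath(path, root).replace(os.sep, "/")
                        findings.append((rel, lineno, m.group(1)))
    return sorted(findings)


def build_sample_repo(root):
    """Constructed sample tree: one signing key, one public key, one source file."""
    os.makedirs(os.path.join(root, "config"))
    files = {
        "config/enclave-key.pem": "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED-NOT-A-KEY\n-----END RSA PRIVATE KEY-----\n",
        "config/enclave-pub.pem": "-----BEGIN PUBLIC KEY-----\nCONSTRUCTED\n-----END PUBLIC KEY-----\n",
        "main.rs": "fn main() {}\n",
    }
    for rel, body in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as repo:
        build_sample_repo(repo)
        for rel, lineno, label in scan_tree(repo):
            print(f"{rel}:{lineno}: {label} committed to tree")
```

A working-tree scan does not cover earlier commits: a key that was ever pushed to a public repository has to be treated as compromised and rotated, even if the file is later deleted.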
